Hardening Container Security

You are advised to perform the following operations before deploying an image to the production environment to harden the image and the containers started from it.

  • Create a dedicated non-root user in the base image and switch to it with the USER instruction so that the image and its main process do not run as root. At run time, drop all Linux capabilities and add back only the ones the workload actually needs. This limits what a compromised process can do and removes the most common paths to container escape that a root user with full capabilities would have.
  • Set the owners and permissions of files in the image deliberately: application files should be owned by root and not writable by the runtime user, and no file should be world-writable or setuid unless it is required. Unnecessarily broad file access lets a compromised process modify its own code or configuration and can be one step in a container escape.
  • Fix vulnerabilities in the base image in a timely manner: rebuild on a patched base image as soon as one is available, and scan images for known vulnerabilities before release and on a regular schedule so that new CVEs in packages you did not change are caught.
  • When distributing images, you are advised to enable Docker Content Trust (set DOCKER_CONTENT_TRUST=1) so that pushed tags are signed and clients with the same setting refuse to pull unsigned or tampered images.
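
The following script is an added example that puts the four recommendations above together; it is not code from the original page or from Docker. It prints a hardened Dockerfile (non-root user, root-owned read-only application files, USER switched before the entrypoint), lints a Dockerfile for the two most common mistakes (no non-root USER, world-writable files), and wraps the run and push commands with capabilities dropped and Content Trust enabled. The user name appuser, UID/GID 10001, the /app path and app.sh are assumptions chosen for illustration.

```shell
#!/usr/bin/env bash
# Added example: hardened Dockerfile, a small pre-build lint, and the matching
# run/push commands. appuser, UID 10001, /app and app.sh are assumed names.
set -eu

# Print a hardened Dockerfile: a dedicated non-root user with a fixed UID/GID
# (so volume permissions are predictable), application files owned by root and
# not writable by the runtime user, and USER set before the entrypoint.
hardened_dockerfile() {
cat <<'EOF'
FROM alpine:3.19
# Fixed UID/GID so bind mounts and volumes behave the same on every host.
RUN addgroup -g 10001 -S appgroup && adduser -u 10001 -S -G appgroup -h /app appuser
WORKDIR /app
# Owned by root, executable but not writable by appuser: a compromised process
# cannot rewrite its own code. (--chmod needs BuildKit, Docker 20.10 or later.)
COPY --chown=root:root --chmod=0755 app.sh /app/app.sh
# Everything from here on, including the running container, is unprivileged.
USER 10001:10001
ENTRYPOINT ["/app/app.sh"]
EOF
}

# Lint a Dockerfile read from stdin. Returns 1 if the last USER instruction is
# missing or resolves to root, or if a RUN/COPY/ADD line makes files
# world-writable (chmod 777, a+w, o+w). Intended as a CI gate before "docker build".
lint_dockerfile() {
  local df user
  df=$(cat)
  # The last USER instruction wins, exactly as it does at run time.
  user=$(printf '%s\n' "$df" | awk 'toupper($1)=="USER" {u=$2} END {print u}')
  case "$user" in
    ""|root|0|root:*|0:*)
      echo "FAIL: image runs as root (USER=${user:-unset})" >&2
      return 1 ;;
  esac
  if printf '%s\n' "$df" | grep -Eiq '^(RUN|COPY|ADD).*chmod[= ]+(777|a\+w|o\+w)'; then
    echo "FAIL: world-writable files in image" >&2
    return 1
  fi
  echo "OK: image runs as $user"
}

# Run an image with every capability dropped, setuid escalation disabled and a
# read-only root filesystem; add back only what the workload needs, for
# example --cap-add=NET_BIND_SERVICE for a server on port 80. Not invoked here.
run_hardened() {
  docker run --rm \
    --cap-drop=ALL \
    --security-opt=no-new-privileges \
    --read-only --tmpfs /tmp \
    --user 10001:10001 \
    "$1"
}

# Push with Docker Content Trust enabled so the tag is signed; a pull with the
# same variable set refuses unsigned or tampered tags. Not invoked here.
push_signed() {
  DOCKER_CONTENT_TRUST=1 docker push "$1"
}

# Gate the build: refuse to continue if the Dockerfile fails the lint.
hardened_dockerfile | lint_dockerfile
```

The lint is deliberately strict about `USER root` and `USER 0` as well as a missing USER, because a Dockerfile that creates a user but never switches to it still runs its process as root. Keep `run_hardened` as the template for your orchestration manifests: the same capability drop and no-new-privileges setting map directly onto a Kubernetes securityContext.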